# TP Ansible

## Les bases

* Préparer les machines cibles.

* Créer un fichier d'inventory.

* Vérifier le bon fonctionnement d'Ansible.


## Vérifier la version de Ansible

```none
ansible@ansible-0:~$ ansible --version
ansible 2.6.4
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/ansible/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.13 (default, Nov 24 2017, 17:33:09) [GCC 6.3.0 20170516]
```


## Préparer les machines cibles

Pour que Ansible puisse se connecter à des machines distantes, il faut :

1. Mettre en place une authentification  
via une paire de clés ssh,

2. Générer un fichier d'inventaire qui contiendra  
la liste des machines.


## Authentification via clés ssh


![Schéma connexion ssh](images/ansible-archi-ssh.png) <!-- .element: height="550px" -->


* Créer une paire de clés ssh
<!-- .slide: data-state="small-code" -->

```none
$ cd
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Created directory '/home/ansible/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa.
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:pipIK6HsauJKf2TuyRRWf/EYgUggRknBmtbIuGVq0/g ansible@ansible-0
The key's randomart image is:
+---[RSA 2048]----+
|  +*o.o.. ..     |
|  .o.  . .  .    |
|o =    .   o     |
|.*o.  . .   =    |
|.=o  o  S. o .   |
|+= ..o.o  .      |
|=++ +..          |
|*+oEo+.          |
|@o o++           |
+----[SHA256]-----+
```
<!-- .element: class="fragment" data-fragment-index="1" -->

```none
$ ls -l ~/.ssh/
total 12
-rw------- 1 ansible ansible 1679 sept. 20 09:43 id_rsa
-rw-r--r-- 1 ansible ansible  407 sept. 20 09:43 id_rsa.pub
```
<!-- .element: class="fragment" data-fragment-index="2" -->


* Copier la clé publique sur les machines cibles

```none
$ ssh-copy-id -i 192.168.56.102
$ ssh 192.168.56.102

$ ssh-copy-id -i 192.168.56.103
$ ssh 192.168.56.103

$ ssh-copy-id -i 192.168.56.104
$ ssh 192.168.56.104
```
<!-- .element: class="fragment" data-fragment-index="1" -->


## Fichier d'inventaire minimal


* Créer le fichier d'inventaire  
`inventories/formation/hosts`.

```none
$ mkdir -p inventories/formation

$ cat <<EOF > inventories/formation/hosts
192.168.56.102
192.168.56.103
192.168.56.104
EOF
```
<!-- .element: class="fragment" data-fragment-index="1" -->


* Vérifier l'inventaire.

```none
$ ansible all --list-hosts
 [WARNING]: provided hosts list is empty,
 only localhost is available.
 Note that the implicit localhost does not match 'all'
  hosts (0):
```
```none
$ ansible all -i inventories/formation/hosts --list-hosts
  hosts (3):
    192.168.56.102
    192.168.56.103
    192.168.56.104
```
<!-- .element: class="fragment" data-fragment-index="1" -->


Syntaxe des commandes :

`ansible <host-pattern> [options]`


* Tester le ping via Ansible.

```none
$ ansible all -i inventories/formation/hosts -m ping
192.168.56.104 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.56.103 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.56.102 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
```
<!-- .element: class="fragment" data-fragment-index="1" -->


* Ajouter le nom des machines dans l'inventaire  
via la syntaxe :

`<host-name> ansible_host=<ip-address>`

```none
$ cat inventories/formation/hosts
ansible-1 ansible_host=192.168.56.102
ansible-2 ansible_host=192.168.56.103
ansible-3 ansible_host=192.168.56.104
```
<!-- .element: class="fragment" data-fragment-index="1" -->

```none
$ ansible all -i inventories/formation/hosts --list-hosts
  hosts (3):
    ansible-1
    ansible-2
    ansible-3
```
<!-- .element: class="fragment" data-fragment-index="2" -->


* Tester de nouveau le ping et vérifier que les hostnames apparaissent maintenant dans les résultats.

```none
$ ansible all -i inventories/formation/hosts -m ping

ansible-3 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
ansible-2 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
ansible-1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
```
<!-- .element: class="fragment" data-fragment-index="1" -->


* Regrouper les machines en 2 groupes :  
`centos` et `debian`.

```none
$ cat inventories/formation/hosts
ansible-1 ansible_host=192.168.56.102
ansible-2 ansible_host=192.168.56.103
ansible-3 ansible_host=192.168.56.104

[centos]
ansible-1
ansible-2

[debian]
ansible-3
```
<!-- .element: class="fragment" data-fragment-index="1" -->


* Tester de nouveau le ping mais cette fois-ci uniquement sur les machines CentOS.

```none
$ ansible centos -i inventories/formation/hosts -m ping

ansible-2 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
ansible-1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
```
<!-- .element: class="fragment" data-fragment-index="1" -->


* Créer un groupe `tous` qui regroupera  
les groupes `centos` et `debian`.

* Tester de nouveau le ping sur le groupe `tous`.

```none
ansible-1 ansible_host=192.168.56.102
ansible-2 ansible_host=192.168.56.103
ansible-3 ansible_host=192.168.56.104

[centos]
ansible-1
ansible-2

[debian]
ansible-3

[tous:children]
centos
debian
```
<!-- .element: class="fragment" data-fragment-index="1" -->


* Créer un snapshot Virtualbox pour les machines

    - ansible-1

    - ansible-2

    - ansible-3